Sonatype Blog

True Story. Over the past few years, Fannie Mae transformed the way in which they delivered software. Deploys increased from 1,200/month to 15,000/month. At the same time, productivity increased by 28% while reducing costs by 30%. But, how did they do it?

As government agencies seek to become more innovative and agile, they’re embracing DevOps practices and open source software to rapidly and efficiently develop higher quality applications. These agencies must ensure the components they are using are reliable and free of vulnerabilities.

Over the past year, I have traveled to and delivered presentations at 18 DevOps events. I’ve also heard that over the past several years, John Willis has participated in more than 200 DevOps events. But not all of us have the time or budget to get ourselves and our teams out to these events where we can learn from other practitioners.

I recently sat down with Pete Erickson, founder of Modev, to discuss the recent findings from our 2016 State of the Software Supply Chain Report. The conversation is available in the Security by Design podcast series that Pete has produced and made available on iTunes.

From artisan to automation. High performing organizations are using DevOps principles to boost productivity, streamline software supply chains, and improve quality. These organizations are swiftly moving away from their artisanal approaches of crafting software to the high-velocity, automated practices where applications are more manufactured than developed.

“Being able to take needless work out of the system is more important than being able to put more work into the system.” This is one of my favorite quotes from Gene Kim’s book, The Phoenix Project, and it plays directly into why we're announcing the DevOps Express initiative today.

Free Birds, Free Coffee, and Free Willy. Software development is hard enough, so we’re making it easier. You see, a few years ago Sonatype made a promise that Nexus Repository should provide universal component support for free. This month, we are continuing to live up to that promise by expanding component support in Nexus Repository OSS to include PyPI and RubyGems packages. Nexus Repository now offers free support for seven components types. For those who thought we only supported Java components, you must be thinking of the other guys.